CVSS: 9.8EPSS: 10%CPEs: 2EXPL: 1CVE-2024-0921 – D-Link DIR-816 A2 Web Interface setDeviceSettings os command injection
https://notcve.org/view.php?id=CVE-2024-0921
26 Jan 2024 — A vulnerability has been found in D-Link DIR-816 A2 1.10CNB04 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/setDeviceSettings of the component Web Interface. The manipulation of the argument statuscheckpppoeuser leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/xiyuanhuaigu/cve/blob/main/rce.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1CVE-2023-43236
https://notcve.org/view.php?id=CVE-2023-43236
21 Sep 2023 — D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter statuscheckpppoeuser in dir_setWanWifi. Se descubrió que D-Link DIR-816 A2 v1.10CNB05 contenía un Desbordamiento del Búfer a través del parámetro statuscheckpppoeuser en dir_setWanWifi. • https://github.com/peris-navince/founded-0-days/blob/main/Dlink/816/dir_setWanWifi/1.md • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1CVE-2023-43237
https://notcve.org/view.php?id=CVE-2023-43237
21 Sep 2023 — D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter macCloneMac in setMAC. Se descubrió que D-Link DIR-816 A2 v1.10CNB05 contenía un Desbordamiento del Búfer mediante el parámetro macCloneMac en setMAC. • https://github.com/peris-navince/founded-0-days/blob/main/Dlink/816/setMAC/1.md • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1CVE-2023-43238
https://notcve.org/view.php?id=CVE-2023-43238
21 Sep 2023 — D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter nvmacaddr in form2Dhcpip.cgi. Se descubrió que D-Link DIR-816 A2 v1.10CNB05 contenía un Desbordamiento del Búfer mediante el parámetro nvmacaddr en form2Dhcpip.cgi. • https://github.com/peris-navince/founded-0-days/blob/main/Dlink/816/form2Dhcpip_cgi/1.md • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1CVE-2023-43239
https://notcve.org/view.php?id=CVE-2023-43239
21 Sep 2023 — D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in showMACfilterMAC. Se descubrió que D-Link DIR-816 A2 v1.10CNB05 contenía un Desbordamiento del Búfer a través del parámetro flag_5G en showMACfilterMAC. • https://github.com/peris-navince/founded-0-days/blob/main/Dlink/816/showMACfilterMAC/1.md • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1CVE-2023-43240
https://notcve.org/view.php?id=CVE-2023-43240
21 Sep 2023 — D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter sip_address in ipportFilter. Se descubrió que D-Link DIR-816 A2 v1.10CNB05 contenía un Desbordamiento del Búfer a través del parámetro sip_address en ipportFilter. • https://github.com/peris-navince/founded-0-days/blob/main/Dlink/816/ipportFilter/1.md • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 12%CPEs: 2EXPL: 1CVE-2018-20305
https://notcve.org/view.php?id=CVE-2018-20305
20 Dec 2018 — D-Link DIR-816 A2 1.10 B05 devices allow arbitrary remote code execution without authentication via the newpass parameter. In the /goform/form2userconfig.cgi handler function, a long password may lead to a stack-based buffer overflow and overwrite a return address. Los dispositivos D-Link DIR-816 A2 1.10 B05 permiten la ejecución remota de código sin autenticación mediante el parámetro newpass. En la función handler en /goform/form2userconfig.cgi, una contraseña larga podría conducir a un desbordamiento de ... • https://github.com/RootSoull/Vuln-Poc/tree/master/D-Link/DIR-816 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 4%CPEs: 2EXPL: 1CVE-2018-17063
https://notcve.org/view.php?id=CVE-2018-17063
15 Sep 2018 — An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/NTPSyncWithHost route. This could lead to command injection via shell metacharacters. Se ha descubierto un problema en dispositivos D-Link DIR-816 A2 1.10 B05. Se emplea un parámetro de petición HTTP en la construcción de cadenas de comandos en la función handler de la ruta goform NTPSyncWithHost. • https://github.com/PAGalaxyLab/VulInfo/tree/master/D-Link/DIR-816/cmd_injection_3 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 14%CPEs: 2EXPL: 1CVE-2018-17064
https://notcve.org/view.php?id=CVE-2018-17064
15 Sep 2018 — An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/sylogapply route. This could lead to command injection via the syslogIp parameter after /goform/clearlog is invoked. Se ha descubierto un problema en dispositivos D-Link DIR-816 A2 1.10 B05. Se emplea un parámetro de petición HTTP en la construcción de cadenas de comandos en la función handler de la ruta goform sylogapply. • https://github.com/PAGalaxyLab/VulInfo/tree/master/D-Link/DIR-816/cmd_injection_2 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2018-17065
https://notcve.org/view.php?id=CVE-2018-17065
15 Sep 2018 — An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/DDNS route, a very long password could lead to a stack-based buffer overflow and overwrite the return address. Se ha descubierto un problema en dispositivos D-Link DIR-816 A2 1.10 B05. En la función handler de la ruta goform DDNS, una contraseña muy larga podría conducir a un desbordamiento de búfer basado en pila y la sobrescritura de la dirección de retorno. • https://github.com/PAGalaxyLab/VulInfo/tree/master/D-Link/DIR-816/stack_overflow_1 • CWE-787: Out-of-bounds Write •